Social app Path uploads users' address books, to get fix

updated 06:00 pm EST, Tue February 7, 2012

by MacNN Staff

No explanation given, opt-in change coming

The social networking app Path, which provides its own community along with the ability to share statuses and pictures to other popular public networks like Twitter and Facebook, has been discovered to be uploading users' entire address books to its own servers on first use. The undisclosed (and unauthorized) uploading was discovered by developer Arun Thampi and detailed in a blog post. The co-founder of Path responded by saying users would soon have an opt-in on the "feature," but did not explain why opt-in wasn't there from the beginning.

Once a user joins Path, the app sends user credentials and metadata back to Path's servers, then calls for and uploads the entire user address book -- including names, e-mail addresses and phone numbers -- to the servers. Path is not the only iOS app that leverages user contact information: Dragon Dictation is another app that uploads names from the address book to its servers, but in that case Dragon makes it clear what the information is going to be used for (recognition of contact's names in spoken dictation) and requests user authorization before it does so. Path does neither of these things.

The company has said that it already added an "opt-in" feature for the service to its Android version of the app a few weeks ago, and is updating its iOS app to do the same, but questions remain about why the company requires so much detailed information from its users, how secure the collected data is and how many Path users are completely unaware of the practice and its implications.

Other social networks like Google+ and Facebook rely on users to voluntarily fill in address information for themselves. Facebook uses information voluntarily entered, such as schools attended, to make connections (i.e., "People You May Know") and Google+ can also leverage and connect other users to a given user through the connections made with other Google services (for example GMail).

Dave Morin, the co-founder and CEO of Path, wrote a response to Thampi's inquiries as to why Path didn't initiate opt-in from day one and claims that the address information is used solely "to help the user find and connect to their friends and family on Path quickly and efficiently as well as notify them when friends and family join Path," but did not respond to the original question. He thanked Thampi for "pointing this out" and said it was "an important conversation and take this very seriously," but didn't explain why the "conversation" hadn't happened until a developer discovered the company secretly pilfering user data without the user's knowledge or consent.

Morin went on to claim that "this is currently the industry best practice and the App Store guidelines do not specifically discuss contact information. However, as mentioned, we believe users need further transparency on how this works, so we've been proactively addressing this." Path debuted on the iPhone in November of 2010. Apple's guidelines are clear that user data is not to be accessed without authorization.

He goes on to say that the company are "proactively" rolling out an opt-in for v2.0.6 of the iOS client pending App Store approval. Though Morin specifically says that Path does nothing more with the data than use it for friend and family matching, he did not explicitly rule out the possibility that third parties (such as advertisers) may be able to access the data and use it for other purposes.

Users who are concerned about their privacy or wish to leave the service can send an e-mail to service@path.com to request that their address book data be erased and/or their accounts closed.

A game app was caught doing this within the first three months of the app store being opened. And yet Apple never closed the door on this privacy hole?

And more amazing is how Apple gets a free ride on this type of thing. Yeah, it's not a security hole in the iOS that allows an app to get your entire address book and shoot it out over the internet. it's a 'feature' that was misused.

If an Android app was caught doing this, I'm sure we'd be hearing how that OS is just filled with holes and malware and trojans and thank god we don't have those issues with iOS!

Login Here

Now AAPL Stock: 153.14 ( + 2.59 )

Cirrus creates Lightning-headphone dev kit

Apple supplier Cirrus Logic has introduced a MFi-compliant new development kit for companies interested in using Cirrus' chips to create Lightning-based headphones, which -- regardless of whether rumors about Apple dropping the analog headphone jack in its iPhone this fall -- can offer advantages to music-loving iOS device users. The kit mentions some of the advantages of an all-digital headset or headphone connector, including higher-bitrate support, a more customizable experience, and support for power and data transfer into headphone hardware. Several companies already make Lightning headphones, and Apple has supported the concept since June 2014. http://bit.ly/29giiZj

Share

Developer453d

Apple Store app offers Procreate Pocket

The Apple Store app for iPhone, which periodically rewards users with free app gifts, is now offering the iPhone "Pocket" version of drawing app Procreate for those who have the free Apple Store app until July 28. Users who have redeemed the offer by navigating to the "Stores" tab of the app and swiping past the "iPhone Upgrade Program" banner to the "Procreate" banner have noted that only the limited Pocket (iPhone) version of the app is available free, even if the Apple Store app is installed and the offer redeemed on an iPad. The Pocket version currently sells for $3 on the iOS App Store. [32.4MB]

Share

453d

Porsche adds CarPlay to 2017 Panamera

Porsche has added a fifth model of vehicle to its CarPlay-supported lineup, announcing that the 2017 Panamera -- which will arrive in the US in January -- will include Apple's infotainment technology, and be seen on a giant 12.3-inch touchscreen as part of an all-new Porsche Communication Management system. The luxury sedan starts at $99,900 for the 4S model, and scales up to the Panamera Turbo, which sells for $146,900. Other vehicles that currently support CarPlay include the 2016 911 and the 2017 models of Macan, 718 Boxster, and 718 Cayman. The company did not mention support for Google's corresponding Android Auto in its announcement. http://bit.ly/295ZQ94

Share

Industry453d

Apple employees testing wheelchair features

New features included in the forthcoming watchOS 3 are being tested by Apple retail store employees, including a new activity-tracking feature that has been designed with wheelchair users in mind. The move is slightly unusual in that, while retail employees have previously been used to test pre-release versions of OS X and iOS, this marks the first time they've been included in the otherwise developer-only watchOS betas. The company is said to have gone to great lengths to modify the activity tracker for wheelchair users, including changing the "time to stand" notification to "time to roll" and including two wheelchair-centric workout apps. http://bit.ly/2955JDa

Share

Troubleshooting454d

SanDisk reveals two 256GB microSDXC cards

SanDisk has introduced two 256GB microSDXC cards. Arriving in August for $150, the Ultra microSDXC UHS-I Premium Edition card offers transfer speeds of up to 95MB/s for reading data. The Extreme microSDXC UHS-I card can read at a fast 100MB/s and write at up to 90MB/s, and will be shipping sometime in the fourth quarter for $200. http://bit.ly/294Q1If

Share

Upgrades/storage454d

Apple's third-quarter results due July 26

Apple has advised it will be issuing its third-quarter results on July 26, with a conference call to answer investor and analyst queries about the earnings set to take place later that day. The stream of the call will go live at 2pm PT (5pm ET) via Apple's investor site, with the results themselves expected to be released roughly 30 minutes before the call commences. Apple's guidance for the quarter put revenue at between $41 billion and $43 billion. http://apple.co/1oi1Pbm

Share

Investor455d

Twitter stickers slowly roll out to users

Twitter has introduced "stickers," allowing users to add extra graphical elements to their photos before uploading them to the micro-blogging service. A library of hundreds of accessories, props, and emoji will be available to use as stickers, which can be resized, rotated, and placed anywhere on the photograph. Images with stickers will also become searchable with viewers able to select a sticker to see how others use the same graphic in their own posts. Twitter advises stickers will be rolling out to users over the next few weeks, and will work on both the mobile apps and through the browser. http://bit.ly/29bbwUE